Don't get me wrong. There are plenty of real dangers. But it's really not that difficult to prevent getting a single malware on your phone. And as far as iOS apps are concerned. How do you know they are safe? The reason that malware is discovered on Android is precisely because the OS is open.

A while ago, the Camera+ app which used the Volume buttons for taking snaps was rejected from the AppStore *after* it was approved. How did it get the hidden feature through the approval process? It was discovered and rejected because it violated AppStore policies. How do you know how much malware has made it through and not been discovered?

Charlie Miller snuck in a prototype malware program into the App Store. Apple did not discover it until he publicly announced it and got the app rejected. How do you know how much malware there really is floating around in the App Store?

Give me the choice of checking the permissions any day. I let Google's Bouncer do the grunt work, but still search myself. Likewise Apple may well be getting *most* of the malware out, but if something slips through, there is no second line of defense.

So your argument is: Android's 136 threats must be less than iOS's ___ threats, because we don't know what ___ equals, despite F-Secure saying it was zero? So to "prove" F-Secure is wrong about iOS having zero threats, you use the Camera+ app as an example of "how much malware has made it through and not been discovered." LOL. Camera+ is not malware. It was pulled for violating Apple's Human Interface Guidelines. F-Secure would not classify that as malware, trojan, or PUA. And yet you do as part of your FUD campaign against iOS? Why don't you count ALL of the iOS apps that have been rejected for violating Apple's HIG rules as evidence of malware on iOS? That might add up to a high number, LOL.

Nice post SFLOCAL! I set up two XP Pro (SP3) machines for the office a couple of years ago (Windas coz of a small budget and the workers only knew MS shite), and tried to run them without AV software for a couple of weeks as an experiment to see (as a curious Mac user) how they stood up: was XP really that vulnerable? Both hopelessly infected via the browser in three days of occasional use on the internet! Reinstalled with Kaspersky and worked OK for a few months but then got slower and slower. What a farce!

Sideloading enables those who know about it to do "cool things" that others can't do on their phone.

Which leads to bragging and explaining to friends how to do it, who then show it to other friends etc.

At the end of the day, a lot of Android users end up side loading apps because someone told them to. And a lot of them don't have the knowledge to be able to discern what is a so-called "trusted source".

Jailbreaking enables those who know about it to do "cool things" that others can't do on their phone.

Which leads to bragging and explaining to friends how to do it, who then show it to other friends etc.

At the end of the day, a lot of iOS users end up side loading apps because someone told them to. And a lot of them don't have the knowledge to be able to discern what is a so-called "trusted source".

Originally Posted by dasanman69
Not entirely true. The apps I have sideloaded were recommended on XDA, and various other sites. Side loading by default is off and many devices do not allow the user to change it, and the vast majority of users don't even know how to do it or are unaware that they can.

Originally Posted by KDarling
1) Newbies cannot accidentally sideload an app. They have to first go find and purposely turn on "Load from unknown sources" and on some phones, also turn off "Disallow or warn before installation of apps that may cause harm."

I suffered the mercifully brief misfortune of owning a Samsung Galaxy Y phone.

Samsung's own in-house apps prompted the user to enable "Load from unknown sources" to allow further updates of its own software to be installed.

The Galaxy Y runs Android 2.3 gingerbread and can't be updated to Android Jelly Bean, so it's wide open to security flaws that have since been patched.

I replaced it with an Xperia tipo running Android 4.0.4. It was released by Sony in early 2012 but can't be officially upgraded to 4.2.1!

Yet the iPhone 3GS I bought in 2009 has been updated to the current iOS 6.1.

OS improvements include security updates; the large proportion of Android handsets which can't be patched remain potentially vulnerable.

So your argument is: Android's 136 threats must be less than iOS's ___ threats, because we don't know what ___ equals, despite F-Secure saying it was zero?

It's weird. The last time a security firm issued an alert for OS X, the general theme here was that they were blowing it out of proportion. That they were only interested in selling AV software to Mac users. And over half a million Macs got infected. But anytime malware on Android gets mentioned, it's, "Aha, see Android is a virus ridden piece of sh-t!!!" What reason does F-Secure have to really look for malware on iOS since they KNOW they aren't going to be allowed to sell any form of AV software for iOS? If trying to sell their software negates their warnings for OS X, why doesn't it affect any opinions on Android malware?

And as someone tried to point out, it DOES matter both where these Android viruses are coming from and where they are targeted. As someone living in the US, why would I be concerned with malware showing up on 3rd party app stores in China or India? Similarly, how many apps have been found that actually contain these malware vectors? One per type? Twenty? These things matter when you're going to start making claims that Android is more or less secure than iOS.

1) Newbies cannot accidentally sideload an app. They have to first go find and purposely turn on "Load from unknown sources" and on some phones, also turn off "Disallow or warn before installation of apps that may cause harm."

2) Look at the list of threats. Almost all affect a small, targeted group that sideload an app in China or India, etc. They include sideloaded apps aimed at Tibetan human rights activists, and my favorite, "A fake "job offer" Android app in India informs that the user is being considered for a position at TATA Group, an Indian multinational company. To arrange the interview, the app asks for a refundable security deposit."

Sorry, but if you're that gullible, it doesn't matter if the "threat" came from an app or a website or an email.

What about this? Is this a side load?

"As Sean Sullivan, Security Advisor at F-Secure Labs stated in the report, “I’ll put it this way: Until now, I haven’t worried about my mother with her Android because she’s not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone.”

Stels, an Android trojan delivered via fake U.S. Internal Revenue Service-themed emails, uses "an Android crimeware kit to steal sensitive information from the device," and also makes calls to premium numbers. Sullivan said the new threat “could be a game changer.”"

Tell me how your grandmother will be smart enough to avoid this stench. And then tell me how much of your brain is dedicated to safe computing.

Because it'll most likely end up in his grandmother's spam folder.

"Few things are harder to put up with than the annoyance of a good example" - Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX

It's weird. The last time a security firm issued an alert for OS X, the general theme here was that they were blowing it out of proportion. That they were only interested in selling AV software to Mac users. And over half a million Macs got infected. But anytime malware on Android gets mentioned, it's, "Aha, see Android is a virus ridden piece of sh-t!!!" What reason does F-Secure have to really look for malware on iOS since they KNOW they aren't going to be allowed to sell any form of AV software for iOS? If trying to sell their software negates their warnings for OS X, why doesn't it affect any opinions on Android malware?

And as someone tried to point out, it DOES matter both where these Android viruses are coming from and where they are targeted. As someone living in the US, why would I be concerned with malware showing up on 3rd party app stores in China or India? Similarly, how many apps have been found that actually contain these malware vectors? One per type? Twenty? These things matter when you're going to start making claims that Android is more or less secure than iOS.

If you are not concerned they are targeted at the US then you are making a mistake. They soon will be as that is where the money is and that's what these guys are after.

You act like one has to write a thesis on an app before installing it. No research needs to be done. Think of it like eBay: you search for an item you want to buy and 2 sellers pop up, one with a high rating and another with few or none. Who are you going to buy from? You probably do the same exact thing in the app store. This data is really worthless without data on how many devices have gotten infected. More malware does not mean more infected devices.

Not buy from anyone, drive by link in email.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.

Not entirely true. The apps I have sideloaded were recommended on XDA, and various other sites. Side loading by default is off and many devices do not allow the user to change it, and the vast majority of users don't even know how to do it or are unaware that they can. Very much like the app store most users don't go past the highly downloaded or recommended apps. I won't deny malware is a problem with Android but I think most users especially in the US have little to none to worry about.

So, the Kindle Fire and all those "hub" equipped galaxies, how do their repositories work, given they are not Google Play?

Some of the most popular Android devices rely on breaking their users away from Google Play.

Making them vulnerable.

1) Newbies cannot accidentally sideload an app. They have to first go find and purposely turn on "Load from unknown sources" and on some phones, also turn off "Disallow or warn before installation of apps that may cause harm."

2) Look at the list of threats. Almost all affect a small, targeted group that sideload an app in China or India, etc. They include sideloaded apps aimed at Tibetan human rights activists, and my favorite, "A fake "job offer" Android app in India informs that the user is being considered for a position at TATA Group, an Indian multinational company. To arrange the interview, the app asks for a refundable security deposit."

Sorry, but if you're that gullible, it doesn't matter if the "threat" came from an app or a website or an email.

3) Many of these "security firms" include, as potential threats, apps like log viewers which people download on purpose. Anything to boost the numbers.

You know, I've sometimes wondered why sideloading is considered unacceptable on smartphones and tablets when it has almost always been how one installs programs on laptops or desktops. Is installing a third party app inherently riskier on a mobile device? Or is the perceived danger of side-loading due to users tending to install more apps on their mobile devices, thereby exposing themselves more often?

Well, from what kdarling says, it's because Android users are more "gullible".

I have now been using Android for 5 years. And I have no malware on my phone. Yes, I check the permissions before installing, and if I find anything suspicious, I don't install the app. Not really all that difficult.

I would pay money to see you explain this to a room full of people who aren't interested in technology in the slightest (only use their phone to keep in contact with others), don't even want to be at a meeting with an IT person (only doing it because it's required for their job), and will make a joke or snide comment anytime they hear tech terminology they don't understand (either that or just tune out at that point). Welcome to the rest of the world.

How the f*ck do you confuse trojans infecting Microsoft Windows XP systems using legacy software requiring Microsoft Internet Explorer along with Microsoft ActiveX with that article you linked to?

Mate, maybe it's time to give up, the tenuousness of the far fetched links you use in your constant defence of all things Google has left the bounds of reality.

How did trojans get in via Chrome?

Because the idiots in IT trusted the "most secure browser" bullshit spouted by Google acolytes which let Chrome punch a hole through the corporate firewalls most probably by installing Java in the background, when users stupid enough to believe that "private browsing" gave them immunity from going to sites they shouldn't have.

Edited by hill60 - 5/15/13 at 6:47am

So a security company that sells Android security apps has produced a report that says Android malware is increasing? It's hardly going to say "Hey folks, there isn't much Android malware, you don't need to buy our apps!" There's a bit of self interest conflict here. I had security software installed on my Android devices, but took it off after 6 months because it never found anything. I'm not saying it doesn't exist, it does, but if you only ever install popular apps from the Play Store you'll never see a virus. A cynical person might wonder whether this F-Secure report is in part a scare story in order to boost its app sales.

Sex sells but it pales in comparison to scare tactics.

Is that because "gullible people" as you call them, are only sucked in by Android?

iOS was targeted (legally) for a long time, in order to collect Contacts info to send to spam producers. Why do you think Apple belatedly added the Contact permission popup?

As for "gullible", you don't need a malware app to get some people to send money in hopes of getting more money. That's just a classic scam, and it's not something that just happens on Android or in apps. Such scams happen far, far more often via websites, email, texts. The report simply ignored the other vectors because it didn't matter to them.

Now, there are apps that I would classify as real malware, for example, ones that send expensive texts or calls in the background. But again, they mostly occur in places like China where people are sideloading like crazy on devices without access to the Play Market.

The reality is that most people never see any malware. You guys acting like it's a huge problem just look silly to all those who use Android daily.

See, Android is the superior platform, because it's open! Open for business to scammers! You get what you pay for from a free OS. It'll be okay though. They'll release a software update (you should probably start calling them "Service Packs"). Just sit tight for another year or so.

How the f*ck do you confuse trojans infecting Microsoft Windows XP systems using legacy software requiring Microsoft Internet Explorer along with Microsoft ActiveX with that article you linked to?

Mate, maybe it's time to give up, the tenuousness of the far fetched links you use in your constant defence of all things Google has left the bounds of reality.

How did trojans get in via Chrome?

Because the idiots in IT trusted the "most secure browser" bullshit spouted by Google acolytes which let Chrome punch a hole through the corporate firewalls most probably by installing Java in the background, when users stupid enough to believe that "private browsing" gave them immunity from going to sites they shouldn't have.

So no example then. Sounds almost made up if I didn't know you better.

"As Sean Sullivan, Security Advisor at F-Secure Labs stated in the report, “I’ll put it this way: Until now, I haven’t worried about my mother with her Android because she’s not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone.”

Stels, an Android trojan delivered via fake U.S. Internal Revenue Service-themed emails, uses "an Android crimeware kit to steal sensitive information from the device," and also makes calls to premium numbers. Sullivan said the new threat “could be a game changer.”"

Tell me how your grandmother will be smart enough to avoid this stench. And then tell me how much of your brain is dedicated to safe computing.

This is typical scare tactics. If Sean Sullivan's grandmother is not tech savvy, she's not going to be able to install the app since the "Install from unknown sources" is disabled by default. She would have to first dig into the settings, go to security (which by itself should be a hint), enable the checkbox. Which displays a warning dialog about the consequences. Ignore the warning. Go back and click on the link again (this is a smart thing Android's done that the install doesn't start immediately), download the apk again. See the permissions that a flash player needs to make phone calls and send SMSes. Ignore that as well and then install the app. And if she's not tech savvy, she's probably unlikely to have much sensitive information on the phone either.

I would pay money to see you explain this to a room full of people who aren't interested in technology in the slightest (only use their phone to keep in contact with others), don't even want to be at a meeting with an IT person (only doing it because it's required for their job), and will make a joke or snide comment anytime they hear tech terminology they don't understand (either that or just tune out at that point). Welcome to the rest of the world.

Agreed. I'm a techie. But my wife is not. I'd say she would typify most non technical folks. I occasionally check her phone as well. And she doesn't have any malware on it either. The only time I can remember was a few years back there was a rash of apps that injected ads in the notification shade. Wouldn't exactly call it malware. But annoying. It was a simple matter of running a scan to see which apps pushed ads and deleting them. Thankfully that practice is no longer followed. Obviously the app developers got the message. It's very likely that other app stores contain malware and people pirating apps get malware (and serves them right), but for the vast majority of folks using the Google Play Store and following a little bit of common sense, the danger of getting infected I'd think is very low. I don't know if this is actually true, but I think phishing attacks seem to be down as well. Maybe it's better filtering of spam by email providers, or maybe it's that people have smartened up and you have tools now like browsers flagging possible phishing links. If you are susceptible to phishing *and* enable side loading *and* ignore permissions, then you may possibly get malware on your phone. But you are probably getting malware on your PC as well.

Maybe someone with a Kindle fire can comment. But I would hope that Amazon has done what Google has done and has the same setting. Except that would work for stores other than the Amazon App Store.

...and Samsung's hub?

Take a look at a Samsung Android phone, there is pretty much two of everything, Google version and Samsung version with Samsung applications asking for update permissions while you are still in the process of setting the phone up.

I've never noticed a list of trusted sources in settings, only allow third parties or not.

Remember when computer "XPerts" would recommend Windows for home use? To everyone? And many of the XPerts knew that it was a dangerous decision that cost many thousands, maybe millions, of home users data and drives. Same history rolling out again: Filthy OS and no updating. Just Google's "here, look at it through these rose colored glasses."

Agreed. I'm a techie. But my wife is not. I'd say she would typify most non technical folks. I occasionally check her phone as well. And she doesn't have any malware on it either. The only time I can remember was a few years back there was a rash of apps that injected ads in the notification shade. Wouldn't exactly call it malware. But annoying. It was a simple matter of running a scan to see which apps pushed ads and deleting them. Thankfully that practice is no longer followed. Obviously the app developers got the message. It's very likely that other app stores contain malware and people pirating apps get malware (and serves them right), but for the vast majority of folks using the Google Play Store and following a little bit of common sense, the danger of getting infected I'd think is very low. I don't know if this is actually true, but I think phishing attacks seem to be down as well. Maybe it's better filtering of spam by email providers, or maybe it's that people have smartened up and you have tools now like browsers flagging possible phishing links. If you are susceptible to phishing *and* enable side loading *and* ignore permissions, then you may possibly get malware on your phone. But you are probably getting malware on your PC as well.

It seems to happen a lot with live wallpaper type applications which can consume a lot of data and often affects people on lower plans who only notice when they run up large bills.

Jailbreaking enables those who know about it to do "cool things" that others can't do on their phone.

Which leads to bragging and explaining to friends how to do it, who then show it to other friends etc.

At the end of the day, a lot of iOS users end up side loading apps because someone told them to. And a lot of them don't have the knowledge to be able to discern what is a so-called "trusted source".

Too bad Jailbreaking and Sideloading are different things, and this makes your "replace Android by Apple in that phrase" switcheroo pretty meaningless in the context of the discussion.

The barrier to entry for jailbreaking is much higher than for sideloading. You have to physically connect the iPhone to a computer, and it is disabled with every iOS update. It's not something that you switch on your friend's phone while waiting for the bus.

Also, by default you can't install random apps directly from the Web like you can on Android with sideloading, you have to go through the Cydia store which is curated and malware-free. Only if you really wanted you could hack your jailbroken iOS device to enable installing arbitrary apps from the Web, and there's no enticing reason to do so for less knowledgeable users as you can find pretty much everything on Cydia.

If you're trying to argue that Jailbreaking an iPhone is as easy as Sideloading on Android, then you're also saying that the whole point about "Android is better because you can sideload apps" is moot.

"security firms", snake oil security firms, typical scare tactics - WOW, really... then I suggest you remove any and all programs that "protect" you from any threat, virus, spam, trojan, spyware, adware, etc etc... Tell Malwarebytes, McAfee, Symantec, and the many others that they are fools, sham artists, etc. Cause they are in the same business as F-Secure.

All spam filters are not 100%, and you have many users that just click without thinking and infect their PC, or mobile device with something. Sometimes things load WITHOUT the user's knowledge, and start installing all kinds of things.

YES, majority of this type of stuff is non-USA based, hence reason you don't hear US based corps going on about this. F-Secure is not US based and deals more with international stuff. So you will hear more from them. And they have a blog you can read for free, and not pay a dime to them. So, let's warn people, and have them take steps they need to, period. They don't go on about you must buy our stuff. They give you information, if you act on it fine, if you don't fine.

You will always have "threats" to any device, MAC, PC, Mobile... you will always have silly users who click and don't pay attention, you will always have those making millions off those silly users. And they will then make more stuff to get more money from more people... simple.

You don't want to make me curmudgeon, you would not like me when I am curmudgeon. I go all caps, bold, with a 72PT font and green lettering.

Remember when computer "XPerts" would recommend Windows for home use? To everyone? And many of the XPerts knew that it was a dangerous decision that cost many thousands, maybe millions, of home users data and drives. Same history rolling out again: Filthy OS and no updating. Just Google's "here, look at it through these rose colored glasses."

Get a Nexus and you'll get all the updates. Google doesn't control the other manufacturers.

Too bad Jailbreaking and Sideloading are different things, and this makes your "replace Android by Apple in that phrase" switcheroo pretty meaningless in the context of the discussion.

The barrier to entry for jailbreaking is much higher than for sideloading. You have to physically connect the iPhone to a computer, and it is disabled with every iOS update. It's not something that you switch on your friend's phone while waiting for the bus.

Also, by default you can't install random apps directly from the Web like you can on Android with sideloading, you have to go through the Cydia store which is curated and malware-free. Only if you really wanted you could hack your jailbroken iOS device to enable installing arbitrary apps from the Web, and there's no enticing reason to do so for less knowledgeable users as you can find pretty much everything on Cydia.

If you're trying to argue that Jailbreaking an iPhone is as easy as Sideloading on Android, then you're also saying that the whole point about "Android is better because you can sideload apps" is moot.

What about enterprise iPhones? Weren't there fake enterprise accounts being open in China and pirated apps being installed on iPhones?

I believe proof by squirrel was used to back up one of the major theories in quantum physics. It's that sound. /s

Nothing has been proven until tested against Squirrel Girl. Squirrel Girl is apparently one of the most powerful characters in Marvel Comics. Squirrel Girl has beaten some of the most powerful characters in the Marvel Universe.

Doctor Doom (one of the two smartest men in the Marvel Universe who is also a powerful sorcerer)
Mandarin
Thanos (a herald of Galactus)
Terrax
Deadpool
Pluto
Fin Fang Foom
Baron Mordo
Korvac
Ego the Living Planet (one of the most powerful beings in the Marvel Universe)
Wolverine